May I argue that a secure end-to-end encrypted channel does not always equal SSL? I know that PKI is pervasive, but wouldn't want to rule out the potential of using identity-based encryption (IBE)...
Date: Wed, 28 Feb 2007 20:23:46 -0600 From: "Alaric Dailey" <[EMAIL PROTECTED]> Subject: RE: HTTPS status To: <specs@openid.net> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="us-ascii" That wording is better than I remember, but really with free certificates being readily available, and the obvious need for prtecting users data, WHY oh WHY is there even support for an unencrypted channel? Heck even Jabber is being moved to a completely secure end to end encrypted channel. With this being created brand new, why start insecure? I realize I am repeating the same thing I started a few months ago, but with MS and AOL supporting OpenID, it means a lot more users will be exposed to it, making it even more important to do it right from the beginning. Why is there such reluctance? ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
